httpd-docs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Michael Rasmussen <mike...@patch.com>
Subject Clarification on NameVirtualHost and VirtualHost sections
Date Sat, 22 Sep 2007 15:43:53 GMT
Hi,

I'd supply a patch, but I don't know which of:
http://httpd.apache.org/docs/2.0/mod/core.html#virtualhost
http://httpd.apache.org/docs/2.0/vhosts/name-based.html
http://httpd.apache.org/docs/2.0/vhosts/ ...
is appropriate.

I believe the statement:

  If a <VirtualHost> block does not contain a ServerName statement the hostname
  of the computer will be used.  
 
Should be added.  

Why?  

It explains the default behavior.

If someone has a misconfigured VirtualHost it can possibly hijack the
configuration for the hostname defined VirtualHost.
  
Assume a configuration using
  Include /etc/apache2/sites-enabled/[^.#]*
that has a, perhaps vendor supplied, 000-default or default that does not
have a ServerName specified.  For example:

000-default or default file:
<VirtualHost *:80>
    # No Server Name definition
    DocumentRoot /var/www/
    # ... other directives
</VirtualHost>

hostname.domain.tld file:
<VirtualHost *:80>
    ServerName hostname.domain.tld
    DocumentRoot /var/www/hostname
    # ... other directives
</VirtualHost>

Contrary to their expectation the content stored at /var/www/hostname
would never be served.  Instead the content at the DocumentRoot defined
in the 000-default or default file would be served.

Note, this could happen with any configuration where the file for
a misconfigured VirtualHost is loaded before the one containing the
definition where ServerName equals `hostname`.

Thank you for considering this suggestion.

-- 
      Michael Rasmussen, Portland Oregon  
    Be appropriate && Follow your curiosity
          http://www.patch.com/words/ 
  The fortune cookie says:
Excuse me, but didn't I tell you there's NO HOPE for the survival of
OFFSET PRINTING?


---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org


Mime
View raw message